According to CNN, security analysts predict that nation-sponsored cyber attacks will become more dangerous this year -- some even say the increasinly sophisticated attacks could lead to the loss of human life. If this is in fact true, American governments would be not be immune.
A. N. Ananth, CEO of security firm EventTracker, said he feels that it’s important for the public sector to monitor their networks diligently, but they have to think smart for their efforts to be useful.
“The government, it’s become relatively inexpensive to attack,” he said. “The United States is the most connected society, bar none. There’s lots of good stuff online, and that’s why the bad guys are attacking.”
The "bad guys" expect that most IT managers either don’t regularly monitor their networks or don’t pay attention to the results when they do. Ananth said he thinks that network monitoring will protect tech pros from being caught off guard, but he admits that budget constraints can hamper beneficial activity.
“You want to be able to do that in an effective manner that doesn’t require you to spend beaucoup bucks on people," he said, "which you probably can’t do because I’m guess you’ve got a hiring freeze. You know, the size of government can’t go up and all that."
Ananth recommends automating part of the process but keeping a human in charge of that process. This would make tracking network activity and hardware easier without increasing dollars spent on personnel.
But dutiful log retention brings its own set of problems if agencies aren’t careful, because a backup of the data eats away storage space.
“All that stuff has to sit somewhere. Well, how long do you keep it? Three months, one year, seven years, 10 years, what?" Ananth said. "Assuming you’re going to keep it for any amount of time, you’re going to wind up chomping up this space like it’s going out of style."
But agencies can solve this problem, he said, by creating agency-specific log retention policies. It’s unlikely that the National Weather Service, for example, needs to retain every detail of live, up-to-the-minute wind shift data with the same zeal that the Department of Defense (DoD) employs when filing top secret military data. A business unit like the DoD has data auditing processes that are much more draconian than those of other agencies, so they’ll likely require a different set of log retention protocols.
Network monitoring is another term for “continuous monitoring,” which may gain traction in the federal sector. In late 2012, the Department of Homeland Security made news for issuing an RFP for continuous monitoring in federal networks. and two additional pieces of news from the White House, Ananth said, may lead to more continuous monitoring in the future:
- The Consumer Financial Protection Bureau, formed in 2012, allows the government to audit mortgage lenders, which may lead to network monitoring to classify and obtain the bureau's data more easily; and
- The passing of the Affordable Care Act may prompt the government to pursue medical fraud more aggressively -- to clamp down on fake Medicare and Medicaid accounts.
Consequently, agencies may adopt continuous monitoring to avoid punishment, but Ananth said he hopes that fear won’t be the only motivator. Security is important for its own sake, just like seatbelts are important to drivers for safety reasons -- not just because they’ll be penalized if they don’t wear them.
“You shouldn’t click the seatbelt just because the cop’s going to watch you," he said. "You should click it because you don’t want to be hurt."